0
 <?php

     session_start();

            $c=mysqli_connect('mysql.hostinger.in','u808297599_eval','nandini123');
      if(!$c)
      exit("ERROR");
   $db=mysqli_select_db($c,'u808297599_eval');
   if(!$db)
    exit("ERROR");
       $e=$_POST['username'];
       $p=$_POST['password'];
        $_SESSION['username']=$e;
        $query="SELECT * FROM tecaherlogin WHERE username='$username' AND     password='$password' ";
            $result=mysqli_query($c,$query);
       $exists=mysql_num_rows($result);

       if ($exists!=0)
       {
                     //while loop
              while ($row = mysqli_fetch_assoc($query))
              {
               $dbusername = $row['username'];
               $dbpassword = $row['password'];
                  }
              if($dbpassword==$p)
                        {
                Print '<script>alert("Correct Password!");</script>';
                 Print '<script>window.location.assign("evaluate.html");     </script>';}

                else
             {
                Print '<script>alert("Incorrect Password!");</script>';
                 Print       '<script>window.location.assign("teacherloginnew.html");</script>';
    }
   }
  else
  echo "user does not exist!";
  ?>

I get this error:

warning:mysqli-fetch-assoc expects parameter 1 to be mysqli_result, string given

This shows up before loading the page, the warning sign should not be there as this is for my project. Please help.

esote
  • 831
  • 12
  • 25
Vatsala jha
  • 1
  • 1
  • You shouldn't mix `mysqli_` with `mysql_`. See http://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php – Pang Nov 26 '16 at 02:25
  • By the way, your code is vulnerable to [SQL injection attacks](https://en.wikipedia.org/wiki/SQL_injection). Please read [this post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) to learn more on how to prevent it. – Pang Nov 26 '16 at 02:26

1 Answers1

1

You're trying to fetch_assoc of a string $query.

Your mysqli_result is the variable $result, which is the one you should be passing here:

while ($row = mysqli_fetch_assoc($query))

Do this:

while ($row = mysqli_fetch_assoc($result))

This query below will already verify if the password is correct. So you don't need to fetch assoc again below.

$query="SELECT * FROM tecaherlogin WHERE username='$username' AND     password='$password' ";

You just need this:

$exists=mysql_num_rows($result);

    if ($exists!=0)
    {
        Print '<script>alert("Correct Password!");</script>';
        Print '<script>window.location.assign("evaluate.html");     </script>';
    }
    else
    {
        Print '<script>alert("Incorrect User or Password!");</script>';
        Print '<script>window.location.assign("teacherloginnew.html");</script>';
    }
Phiter
  • 14,570
  • 14
  • 50
  • 84